Mempodipper: Gain Root without Local Root Kernel Exploits

Posted: 07/20/2012 in G.N.A.HackTeam, Info, Linux Hacking

Mempodipper is a great exploit that uses a vulnerability found in all Linux kernels >=2.6.39 that haven’t been patched yet!

Extract from the Official Blog:

Mempodipper is an exploit for CVE-2012-0056. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process’s virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed. Anyone with the correct permissions could write to process memory. It turns out, of course, that the permissions checking was done poorly. This means that all Linux kernels >=2.6.39 are vulnerable, up until the fix commit for it a couple days ago. Let’s take the old kernel code step by step and learn what’s the matter with it.

We highly suggest you read more about Mempodipper here: http://blog.zx2c4.com/749
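
The extract above describes /proc/pid/mem as a file whose offsets are the process’s own virtual addresses. The following added example (not part of the original post or of the Mempodipper source) shows that addressing on the benign case of a process reading its own memory, read-only; the function names and the marker string are constructed for illustration.

```c
#define _FILE_OFFSET_BITS 64   /* 64-bit off_t so any address fits as an offset */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample data living in this process's own address space. */
static const char marker[] = "constructed-sample-marker";

/*
 * Read len bytes of our own memory through /proc/self/mem, using the
 * virtual address addr as the file offset.
 * Returns 1 if the bytes equal a direct read, 0 on mismatch, and -1 if
 * the interface is unavailable (no procfs, sandbox policy, short read).
 */
int read_self_via_proc_mem(const void *addr, size_t len)
{
    char buf[128];
    if (len > sizeof(buf))
        return -1;

    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0)
        return -1;

    /* The file offset is the virtual address itself; nothing is translated. */
    ssize_t n = pread(fd, buf, len, (off_t)(uintptr_t)addr);
    close(fd);
    if (n != (ssize_t)len)
        return -1;

    return memcmp(buf, addr, len) == 0 ? 1 : 0;
}

/* Hypothetical helper: run the check on the constructed marker. */
int check_marker(void)
{
    return read_self_via_proc_mem(marker, sizeof(marker));
}

int main(void)
{
    int r = check_marker();
    printf("marker at %p: %s\n", (const void *)marker,
           r == 1 ? "same bytes via /proc/self/mem" :
           r == 0 ? "mismatch" : "interface unavailable");
    return r == 0;
}
```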

The Source-Code of Mempodipper: http://git.zx2c4.com/CVE-2012-0056/tree/mempodipper.c

To use it:

1. Paste the source into a file

2. Save it as “mempodipper.c”

3. Compile using: “gcc mempodipper.c -o mempodipper”

4. Execute like this: “./mempodipper”

Comments
  1. Superb submit admin thank you. I observed what i was searching for right here. I will review whole of posts within this working day

  2. Santana says:

    i cant get how it is possible to reveal like this amazing posts admin a lot thanks

  3. oh my god fantastic article admin will check your web site generally

  4. I essential for this webpage publish admin truly thanks i will glimpse your future sharings i bookmarked your webpage

  5. Teen says:

    I tried it but don’t
    Linux 3.2.0-29-generic 2012 x86_64

    $ ./mempodipper
    [-] open: Permission denied
    [+] Opening parent mem /proc/31950/mem in child.

  6. Mete says:

    Thanks for mempodipper.c
